Data Protection Act
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Data Protection Act as PDF for free.
More details
- Words: 1,003
- Pages: 4
Data Protection Act 2003/ 2018 Roisin Farrell
Data Protection Act 2003/2018 What does this act state? The Data Protection Acts state that information about you must be accurate, must only be made available to those that should have it and must only be used for specified purposes. You have the right to access personal information relating to you and have any errors corrected or, in some cases, have the information erased. If your information is being held for the purposes of direct marketing, you can have your details removed. Data protection rights apply to information held on computer or in manual or paper files. The Data Protection Commissioner is appointed by the Government. The Commissioner is independent in the exercise of their functions. Individuals who feel their rights are being infringed can complain to the Commissioner, who has powers to enforce the provisions of the Act. If you suffer damage as a result of a breach of your data protection rights, you may sue for damages through the courts. The Commissioner also maintains a register, available for public inspection, giving general details about the data handling practices of many important data controllers, such as government departments and State-sector bodies, financial institutions, and any person or organisation who keeps sensitive types of personal data. 2018 changes A new European Union-wide framework known as the General Data Protection Regulation (GDPR) changes the rules on data protection. It provides for a more uniform interpretation and application of data protection standards across the EU. The Data Protection Act 2018, which was signed into law on 24 May 2018, changed the previous data protection framework, established under the Data Protection Act 2003. It includes : ● Establishing a new Data Protection Commission as the State’s data protection authority ● Transposing the law enforcement Directive into national law ● Giving further effect to the GDPR in areas where member states have flexibility (for example, the digital age of consent)
Who does it protect? The Data Protection Act protects everyone. The Data Protection Act controls how your personal information is used by organisations, businesses or the government. The Act was designed to protect people’s privacy, from businesses to individuals. Why is it important? It is important to protect people’s privacy and to protect the fundamental rights and freedoms of persons that are related to that data. It is also important to prevent third party access Some key information is stored by businesses in the form of employee records, loyalty schemes, customer details, etc. These include name, address, phone number, email, bank details, health information, etc. These are important and sensitive data and needs to be protected from third parties. This information can be used for identity theft, scams or other types of criminal activities.
How is it enforced? The Acts (1988 & 2003) establishes the office of the Data Protection Commissioner. The Commissioner's role is to ensure that those who keep personal information on computer comply with the provisions of the Act. The Commissioner has a wide range of enforcement powers to assist him/her in ensuring that the principles of data protection are being observed. These powers include the serving of legal notices compelling a data controller to provide information needed to assist his enquiries, or compelling a data controller to implement a provision of the Act. The commissioner also investigates complaints made by the public and has wide powers in this area also. He/she can authorise for officers to enter premises and inspect personal information kept on computer.
Case study Prosecution of AA Ireland Limited In December 2017 the DPC received a complaint from an individual who had received unsolicited marketing text messages from AA Ireland Limited. He informed the DPC that he had recently received his motor insurance renewal quotation from his current insurance provider and had decided to shop around to try to get a more competitive quotation. One of the companies he telephoned for a quotation was AA Ireland Limited. The complainant informed the DPC that he had expressly stated to the agent who answered his call that he wanted an assurance his details would not be used for marketing purposes and that he had been given that assurance by the agent. The phone call continued with the agent providing a quotation. The complainant noted that the quotation was higher than the renewal quotation from his current insurance provider and the complainant had indicated to the agent that he would not be proceeding with the quotation offered by AA Ireland Limited. The day after the phone call in question he had received a marketing text message from AA Ireland Limited offering him €50 off the quote provided. A further similar text message was sent to his mobile phone one day later. The complainant stated that he felt that this action was a blatant breach of his very clear instructions that he did not wish to receive any marketing communications. During the course of the Data Protection Comission’s investigation, AA Ireland Limited confirmed that it had sent both text messages to the complainant and admitted that it had not obtained consent to send these messages to the complainant. The company acknowledged that the complainant had requested that he not receive marketing messages, that the complainant’s request should have been actioned and that his details should not have been used for marketing purposes. The company claimed that the incident arose as a result of human error. It explained that the correct process had not been followed by the agent so that the complainant’s details had been recorded with an opt-in for him to receive marketing messages therefore resulting in marketing text messages being sent to him. As the DPC had previously issued a warning in separate circumstances to AA Ireland Limited in relation to unsolicited marketing communications, in this instance the DPC decided to initiate prosecute proceedings. At Dublin Metropolitan District Court on 14 May 2018 AA Ireland Limited entered a guilty plea to one offence. It also agreed to cover the prosecution costs incurred by the DPC.
Data Protection Act 2003/2018 What does this act state? The Data Protection Acts state that information about you must be accurate, must only be made available to those that should have it and must only be used for specified purposes. You have the right to access personal information relating to you and have any errors corrected or, in some cases, have the information erased. If your information is being held for the purposes of direct marketing, you can have your details removed. Data protection rights apply to information held on computer or in manual or paper files. The Data Protection Commissioner is appointed by the Government. The Commissioner is independent in the exercise of their functions. Individuals who feel their rights are being infringed can complain to the Commissioner, who has powers to enforce the provisions of the Act. If you suffer damage as a result of a breach of your data protection rights, you may sue for damages through the courts. The Commissioner also maintains a register, available for public inspection, giving general details about the data handling practices of many important data controllers, such as government departments and State-sector bodies, financial institutions, and any person or organisation who keeps sensitive types of personal data. 2018 changes A new European Union-wide framework known as the General Data Protection Regulation (GDPR) changes the rules on data protection. It provides for a more uniform interpretation and application of data protection standards across the EU. The Data Protection Act 2018, which was signed into law on 24 May 2018, changed the previous data protection framework, established under the Data Protection Act 2003. It includes : ● Establishing a new Data Protection Commission as the State’s data protection authority ● Transposing the law enforcement Directive into national law ● Giving further effect to the GDPR in areas where member states have flexibility (for example, the digital age of consent)
Who does it protect? The Data Protection Act protects everyone. The Data Protection Act controls how your personal information is used by organisations, businesses or the government. The Act was designed to protect people’s privacy, from businesses to individuals. Why is it important? It is important to protect people’s privacy and to protect the fundamental rights and freedoms of persons that are related to that data. It is also important to prevent third party access Some key information is stored by businesses in the form of employee records, loyalty schemes, customer details, etc. These include name, address, phone number, email, bank details, health information, etc. These are important and sensitive data and needs to be protected from third parties. This information can be used for identity theft, scams or other types of criminal activities.
How is it enforced? The Acts (1988 & 2003) establishes the office of the Data Protection Commissioner. The Commissioner's role is to ensure that those who keep personal information on computer comply with the provisions of the Act. The Commissioner has a wide range of enforcement powers to assist him/her in ensuring that the principles of data protection are being observed. These powers include the serving of legal notices compelling a data controller to provide information needed to assist his enquiries, or compelling a data controller to implement a provision of the Act. The commissioner also investigates complaints made by the public and has wide powers in this area also. He/she can authorise for officers to enter premises and inspect personal information kept on computer.
Case study Prosecution of AA Ireland Limited In December 2017 the DPC received a complaint from an individual who had received unsolicited marketing text messages from AA Ireland Limited. He informed the DPC that he had recently received his motor insurance renewal quotation from his current insurance provider and had decided to shop around to try to get a more competitive quotation. One of the companies he telephoned for a quotation was AA Ireland Limited. The complainant informed the DPC that he had expressly stated to the agent who answered his call that he wanted an assurance his details would not be used for marketing purposes and that he had been given that assurance by the agent. The phone call continued with the agent providing a quotation. The complainant noted that the quotation was higher than the renewal quotation from his current insurance provider and the complainant had indicated to the agent that he would not be proceeding with the quotation offered by AA Ireland Limited. The day after the phone call in question he had received a marketing text message from AA Ireland Limited offering him €50 off the quote provided. A further similar text message was sent to his mobile phone one day later. The complainant stated that he felt that this action was a blatant breach of his very clear instructions that he did not wish to receive any marketing communications. During the course of the Data Protection Comission’s investigation, AA Ireland Limited confirmed that it had sent both text messages to the complainant and admitted that it had not obtained consent to send these messages to the complainant. The company acknowledged that the complainant had requested that he not receive marketing messages, that the complainant’s request should have been actioned and that his details should not have been used for marketing purposes. The company claimed that the incident arose as a result of human error. It explained that the correct process had not been followed by the agent so that the complainant’s details had been recorded with an opt-in for him to receive marketing messages therefore resulting in marketing text messages being sent to him. As the DPC had previously issued a warning in separate circumstances to AA Ireland Limited in relation to unsolicited marketing communications, in this instance the DPC decided to initiate prosecute proceedings. At Dublin Metropolitan District Court on 14 May 2018 AA Ireland Limited entered a guilty plea to one offence. It also agreed to cover the prosecution costs incurred by the DPC.
Related Documents
Data Protection Act
October 2019 24
Data Protection Act
April 2020 10
Data Protection Act 2003 2018 1
November 2019 3
The Environment Protection Act
December 2019 23
Environmental Protection Act 1986
June 2020 23